File Event Queries

class py42.clients.file_event.FileEventClient(session)
Bases: py42.clients.BaseClient
A client for searching file events.
See the Executing Searches User Guide to learn more about how to construct a query.
- search(query)
  Searches for file events matching the query criteria. REST Documentation
  Parameters: query (FileEventQuery or str) – A composed FileEventQuery object or the raw query as a JSON formatted string.
  Returns: A response containing the query results.
- Return type
-
class py42.sdk.queries.fileevents.file_event_query.FileEventQuery(*args, **kwargs)
Bases: py42.sdk.queries.BaseQuery
Helper class for building Code42 Forensic Search queries.
A FileEventQuery instance's all() and any() take one or more FilterGroup objects to construct a query that can be passed to the FileEventClient.search() method. all() returns results that match all of the provided filter criteria; any() returns results that match any of the filters.
For convenience, the FileEventQuery constructor does the same as all().
Usage example:
email_filter = EmailSender.is_in(["test.user@example.com", "test.sender@example.com"])
exposure_filter = ExposureType.exists()
query = FileEventQuery.all(email_filter, exposure_filter)

Filter Classes

The following classes construct filters for file event queries. Each filter class corresponds to a file event detail.
Call the appropriate classmethod on your desired filter class with the value you want to match and it will return a FilterGroup object that can be passed to FileEventQuery's all() or any() methods to create complex queries that match multiple filter rules.
Example:
To search for events observed for a certain set of documents, you can use the FileName and MD5 filter classes to construct FilterGroups that will search for matching filenames or (in case someone renamed the sensitive file) the known MD5 hashes of the files:
filename_filter = FileName.is_in(['confidential_plans.docx', 'confidential_plan_projections.xlsx'])
md5_filter = MD5.is_in(['133765f4fff5e3038b9352a4d14e1532', 'ea16f0cbfc76f6eba292871f8a8c794b'])
See Executing Searches for more on building search queries.
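
How all() and any() differ on the filename and MD5 filters above, as an added example that is not py42 code or part of the original documentation: a small local model of the documented semantics, run over constructed events. The Field, match_all, match_any and search names, the event keys and the exposure strings are assumptions made for illustration.

```python
# Added illustration, not py42 code: a local model of the filter semantics
# documented on this page, for checking query logic against sample events.

KNOWN_MD5 = "133765f4fff5e3038b9352a4d14e1532"  # hash from the page's example

# Constructed sample events; the keys and exposure strings are assumptions.
EVENTS = [
    {"id": 1, "fileName": "confidential_plans.docx", "md5": KNOWN_MD5,
     "exposure": "RemovableMedia"},
    # Same content, renamed before being moved: only the hash still matches.
    {"id": 2, "fileName": "holiday_photos.docx", "md5": KNOWN_MD5,
     "exposure": "CloudStorage"},
    # Same name, edited content (new hash), never exposed.
    {"id": 3, "fileName": "confidential_plans.docx", "md5": "a" * 32,
     "exposure": None},
    # Unrelated file copied to removable media.
    {"id": 4, "fileName": "lunch_menu.pdf", "md5": "b" * 32,
     "exposure": "RemovableMedia"},
]


class Field:
    """Hypothetical stand-in for one filter class bound to one event key."""

    def __init__(self, key):
        self.key = key

    def is_in(self, value_list):
        # Matches when the event's value is one of the listed values.
        allowed = set(value_list)
        return lambda event: event.get(self.key) in allowed

    def exists(self):
        # Matches when the event carries data for this field.
        return lambda event: event.get(self.key) is not None

    def not_exists(self):
        # Matches when the event carries no data for this field.
        return lambda event: event.get(self.key) is None


def match_all(*groups):
    """Model of all(): an event must satisfy every filter group."""
    return lambda event: all(group(event) for group in groups)


def match_any(*groups):
    """Model of any(): an event must satisfy at least one filter group."""
    return lambda event: any(group(event) for group in groups)


def search(events, query):
    """Return the ids of the events the query matches, in input order."""
    return [event["id"] for event in events if query(event)]


def run_examples():
    file_name, md5, exposure = Field("fileName"), Field("md5"), Field("exposure")
    filename_filter = file_name.is_in(
        ["confidential_plans.docx", "confidential_plan_projections.xlsx"])
    md5_filter = md5.is_in([KNOWN_MD5, "ea16f0cbfc76f6eba292871f8a8c794b"])
    return {
        # Name AND hash: misses the renamed copy and the edited copy.
        "all(filename, md5)": search(
            EVENTS, match_all(filename_filter, md5_filter)),
        # Name OR hash: catches renamed and edited copies as well.
        "any(filename, md5)": search(
            EVENTS, match_any(filename_filter, md5_filter)),
        # Known content that left through any exposure channel.
        "all(md5, exposure.exists())": search(
            EVENTS, match_all(md5_filter, exposure.exists())),
        # Tracked file names seen with no exposure recorded.
        "all(filename, exposure.not_exists())": search(
            EVENTS, match_all(filename_filter, exposure.not_exists())),
    }


if __name__ == "__main__":
    for label, ids in run_examples().items():
        print(f"{label:40} -> {ids}")
```

On this sample, all() returns only the event where name and hash both match, while any() also returns the renamed copy and the edited copy.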
Event Filters

class py42.sdk.queries.fileevents.filters.event_filter.EventTimestamp
Bases: py42.sdk.queries.query_filter.QueryFilterTimestampField
Class that filters events based on the timestamp of the event that occurred.
- classmethod in_range(start_value, end_value)
  Returns a FilterGroup to find events where the filter timestamp is in range between the provided start_value and end_value.
- classmethod on_or_after(value)
  Returns a FilterGroup to find events where the filter timestamp is on or after the provided value.
- classmethod on_or_before(value)
  Returns a FilterGroup to find events where the filter timestamp is on or before the provided value.
- classmethod on_same_day(value)
  Returns a FilterGroup to find events where the filter timestamp is within the same calendar day as the provided value.

class py42.sdk.queries.fileevents.filters.event_filter.EventType
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters file events based on event type.
Available event types are provided as class attributes:
  EventType.CREATED
  EventType.DELETED
  EventType.EMAILED
  EventType.MODIFIED
  EventType.READ_BY_APP
Example:
filter = EventType.is_in([EventType.READ_BY_APP, EventType.EMAILED])
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.event_filter.InsertionTimestamp
Bases: py42.sdk.queries.query_filter.QueryFilterTimestampField
Class that filters events based on the timestamp of when the event was actually added to the event store (which can be after the event occurred on the device itself).
value must be a POSIX timestamp (see the Dates section of the Basics user guide for details on timestamp arguments in py42).
- classmethod in_range(start_value, end_value)
  Returns a FilterGroup to find events where the filter timestamp is in range between the provided start_value and end_value.
- classmethod on_or_after(value)
  Returns a FilterGroup to find events where the filter timestamp is on or after the provided value.
- classmethod on_or_before(value)
  Returns a FilterGroup to find events where the filter timestamp is on or before the provided value.
- classmethod on_same_day(value)
  Returns a FilterGroup to find events where the filter timestamp is within the same calendar day as the provided value.

class py42.sdk.queries.fileevents.filters.event_filter.Source
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

File Filters

class py42.sdk.queries.fileevents.filters.file_filter.FileCategory
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events by category of the file observed.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.FileName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the name of the file observed.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.FileOwner
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the owner of the file observed.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.FilePath
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by path of the file observed.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.FileSize
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterComparableField
Class that filters events by size of the file observed.
The size value must be in bytes.
- classmethod greater_than(value)
  Returns a FilterGroup to find events where filter data is greater than the provided value.
- classmethod less_than(value)
  Returns a FilterGroup to find events where filter data is less than the provided value.

class py42.sdk.queries.fileevents.filters.file_filter.MD5
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the MD5 hash of the file observed.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.SHA256
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by SHA256 hash of the file observed.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

Device Filters

class py42.sdk.queries.fileevents.filters.device_filter.DeviceUsername
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the Code42 username of the device that observed the event.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.device_filter.OSHostname
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by hostname of the device that observed the event.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.device_filter.PrivateIPAddress
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by private (LAN) IP address of the device that observed the event.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.device_filter.PublicIPAddress
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by public (WAN) IP address of the device that observed the event.
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

Cloud Filters

class py42.sdk.queries.fileevents.filters.cloud_filter.Actor
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the cloud service username of the event originator (applies to cloud data source events only).
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.cloud_filter.DirectoryID
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by unique identifier of the cloud drive or folder where the event occurred (applies to cloud data source events only).
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

Bases: py42.sdk.queries.query_filter.QueryFilterBooleanField
Class that filters events by the shared status of the file at the time the event occurred (applies to cloud data source events only).
Returns a FilterGroup to find events where the filter state is False.
Returns a FilterGroup to find events where the filter state is True.

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the list of users who had been granted access to the file at the time of the event (applies to cloud data source events only).
Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
Returns a FilterGroup to find events where filter data exists.
Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
Returns a FilterGroup to find events where filter data does not exist.
Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.cloud_filter.SharingTypeAdded
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters results to include events where a file's sharing permissions were changed to a value that increases exposure (applies to cloud data source events only).
Available options provided as class attributes:
  SharingTypeAdded.SHARED_VIA_LINK
  SharingTypeAdded.IS_PUBLIC
  SharingTypeAdded.OUTSIDE_TRUSTED_DOMAIN
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

Exposure Filters

class py42.sdk.queries.fileevents.filters.exposure_filter.ExposureType
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on exposure type.
Available options are provided as class attributes:
  ExposureType.SHARED_VIA_LINK
  ExposureType.SHARED_TO_DOMAIN
  ExposureType.APPLICATION_READ
  ExposureType.CLOUD_STORAGE
  ExposureType.REMOVABLE_MEDIA
  ExposureType.IS_PUBLIC
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.ProcessName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the process name involved in the exposure (applies to read by browser or other app events only).
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.ProcessOwner
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the process owner that was involved in the exposure (applies to read by browser or other app events only).
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the name of the removable media involved in the exposure (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVendor
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the vendor of the removable media device involved in the exposure (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaMediaName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the name of the removable media (as reported by the vendor/device, usually very similar to RemovableMediaName) involved in the exposure (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVolumeName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the name of the formatted volume (as reported by the operating system) of the removable media device involved in the exposure (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup to find events where the filter equals the provided value.
  Parameters: value (str) – The value to match file events on.
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
- classmethod is_in(value_list)
  Returns a FilterGroup to find events where the filter is in the provided value_list.
  Parameters: value_list (list) – The list of values to match file events on.
- classmethod not_eq(value)
  Returns a FilterGroup to find events where the filter is not equal to the provided value.
  Parameters: value (str) – The value to exclude file events on.
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
- classmethod not_in(value_list)
  Returns a FilterGroup to find events where the filter is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude file events on.


class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaPartitionID
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the unique identifier assigned (by the operating system) to the removable media involved in the exposure (applies to removable media events only).

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod exists()
Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_exists()
Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaSerialNumber
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the serial number of the connected hardware as reported by the operating system (applies to removable media events only).

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod exists()
Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_exists()
Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.SyncDestination
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the name of the cloud service the file is synced with (applies to synced to cloud service events only).

Available options are provided as class attributes:
    SyncDestination.ICLOUD
    SyncDestination.BOX
    SyncDestination.BOX_DRIVE
    SyncDestination.GOOGLE_DRIVE
    SyncDestination.GOOGLE_BACKUP_AND_SYNC
    SyncDestination.DROPBOX
    SyncDestination.ONEDRIVE

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod exists()
Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_exists()
Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.TabURL
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the URL of the active browser tab at the time the file contents were read by the browser (applies to read by browser or other app events only).

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod exists()
Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_exists()
Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.WindowTitle
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the name of the browser tab or application window that was open when a browser or other app event occurred (applies to read by browser or other app events only).

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod exists()
Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_exists()
Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.

Email Filters

class py42.sdk.queries.fileevents.filters.email_filter.EmailPolicyName
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the email DLP policy that detected this file (applies to emails sent via Microsoft Office 365 only).

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.email_filter.EmailSubject
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the email’s subject (applies to email events only).

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.email_filter.EmailRecipients
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the email’s recipient list (applies to email events only).

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.email_filter.EmailSender
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the email’s sender (applies to email events only).

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.email_filter.EmailFrom
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the display name of the email’s sender, as it appears in the “From:” field in the email (applies to email events only).

classmethod eq(value)
Returns a FilterGroup to find events where the filter equals the provided value.
Parameters: value (str) – The value to match file events on.

classmethod is_in(value_list)
Returns a FilterGroup to find events where the filter is in the provided value_list.
Parameters: value_list (list) – The list of values to match file events on.

classmethod not_eq(value)
Returns a FilterGroup to find events where the filter is not equal to the provided value.
Parameters: value (str) – The value to exclude file events on.

classmethod not_in(value_list)
Returns a FilterGroup to find events where the filter is not in the provided value_list.
Parameters: value_list (list) – The list of values to exclude file events on.